The Android-targeting BankBot malware (all variants detected by Trend Micro as ANDROIDOS_BANKBOT) first surfaced in January of this year and is reportedly the improved version of an unnamed open source banking malware that was leaked in an underground hacking forum. BankBot is particularly risky because it disguises itself as legitimate banking apps, typically using fake overlay screens to mimic existing banking apps and steal user credentials. BankBot is also capable of hijacking and intercepting SMS messages, which means that it can bypass SMS-based 2-factor authentication.
The mobile threat landscape isn’t just rife with information stealers and rooting malware. There’s also mobile ransomware. While it seems they’re not as mature as their desktop counterparts, what with the likes of WannaCry and Petya, the increasing usage of mobile devices, particularly by businesses, will naturally draw more cybercriminal attention to this type of threat.
Take for instance mobile ransomware on the Android platform. The variants we detected and analyzed during the fourth quarter of last year were thrice as many compared to the same period in 2015. And indeed, the surge is staggering. We already had over 235,000 detections for Android mobile ransomware in the first half of 2017 alone—that’s 181% of detections for all of 2016.
August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and controlled by the malware. A malicious app could be used to trigger these vulnerabilities, which occur when a malicious disk using the F2FS (Flash-Friendly File System) is mounted. The disk can either be an actual physical device or a virtual file image.